A PF_PACKET-family socket requires root privilege; how is that configured on Linux?
I know that a PF_PACKET-family socket requires root privilege,
but I don't know how that is configured on Linux.
Does anyone know how? Is it hard-coded in the kernel directly?
It used to be the case that it was just hard-coded in the kernel.
But starting with version 2.2, Linux has introduced capabilities (see http://linux.die.net/man/7/capabilities) and the kernel now checks for the CAP_NET_RAW capability - see net/packet/af_packet.c.
The root user is still assumed to have all capabilities. Although keep in mind that with virtualization and multiple containers, there can be multiple distinct root users - so even the check for root is a bit more complicated nowadays than just checking uid==0 - see security/commoncap.c.
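The capability check described in the answer can be observed from user space. The following is an added example, not code from the answer or from the kernel: it parses the effective capability mask (CapEff) from /proc/self/status, tests the CAP_NET_RAW bit, and compares that with the result of actually opening a packet socket. The function names are hypothetical; the two numeric constants are the values of CAP_NET_RAW and ETH_P_ALL from the kernel headers.

```c
#include <arpa/inet.h>
#include <ctype.h>
#include <errno.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

#define CAP_NET_RAW_NR 13   /* CAP_NET_RAW in <linux/capability.h> */
#define ETH_P_ALL_NR 0x0003 /* ETH_P_ALL in <linux/if_ether.h> */

/* Parse the hex mask on the "CapEff:" line of /proc/<pid>/status text.
 * Returns 0 on success, -1 if the field is missing or has no hex value. */
int parse_capeff(const char *status, uint64_t *mask) {
    const char *key = "CapEff:";
    const char *p = strncmp(status, key, 7) == 0 ? status : strstr(status, "\nCapEff:");
    if (!p) return -1;
    p = strchr(p, ':') + 1;
    while (*p == ' ' || *p == '\t') p++;
    if (!isxdigit((unsigned char)*p)) return -1;
    *mask = strtoull(p, NULL, 16);
    return 0;
}

int has_cap(uint64_t mask, int cap) { return (int)((mask >> cap) & 1); }

/* Returns 0 if a packet socket could be opened, otherwise the errno value
 * (EPERM when the kernel's CAP_NET_RAW check rejects the caller). */
int try_packet_socket(void) {
    int fd = socket(AF_PACKET, SOCK_RAW, htons(ETH_P_ALL_NR));
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

int main(void) {
    char buf[8192];
    FILE *f = fopen("/proc/self/status", "r");
    if (!f) { perror("/proc/self/status"); return 1; }
    size_t n = fread(buf, 1, sizeof buf - 1, f);
    buf[n] = '\0';
    fclose(f);
    uint64_t mask = 0;
    if (parse_capeff(buf, &mask) != 0) { fprintf(stderr, "no CapEff field\n"); return 1; }
    int err = try_packet_socket();
    printf("CapEff=%016llx CAP_NET_RAW=%s socket(AF_PACKET): %s\n", (unsigned long long)mask, has_cap(mask, CAP_NET_RAW_NR) ? "yes" : "no", err ? strerror(err) : "ok");
    return 0;
}
```

Run as an ordinary user, the expected result is a cleared CAP_NET_RAW bit and "Operation not permitted". Inside a user namespace the bit and the socket result can disagree, because CapEff is reported relative to the process's own user namespace.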